function rs_wpss_comment_content_filter($commentdata, $spamshield_options)
{
    /***
     * Content Filter aka "The Algorithmic Layer"
     * Blocking the Obvious to Improve Human/Pingback/Trackback Defense
     *
     * Runs a fixed sequence of heuristic tests over one comment submission.
     * Every test that fires sets $content_filter_status ('1', '3', '10' or '100';
     * the meaning of each value is owned by rs_wpss_exit_content_filter() and
     * its callers, not by this function), appends an error code to
     * $wpss_error_code and returns immediately through
     * rs_wpss_exit_content_filter() - so a test lower down only runs when every
     * earlier test passed. If nothing fires, timing and result fields are
     * written into $commentdata and it is returned.
     *
     * Attacker-controlled inputs that feed the checks: the form-derived keys of
     * $commentdata (author, email, URL, content), the WPSS_REF2XJS POST field,
     * the User-Agent / Accept / Accept-Language headers, the referrer, the
     * client IP and $_SERVER['PHP_SELF']. None of them is echoed back here;
     * they are only compared, counted and regex-matched.
     *
     * @param array $commentdata        WordPress comment data (the keys read are listed below).
     * @param array $spamshield_options Plugin options; only 'allow_proxy_users' and
     *                                  'enhanced_comment_blacklist' are consulted here.
     * @return mixed Whatever rs_wpss_exit_content_filter() returns on an early exit,
     *               otherwise $commentdata with 'total_time_content_filter',
     *               'wpss_error_code' and 'content_filter_status' added.
     ***/
    /* Timer Start - Content Filter (kept if a caller already stamped it, so re-entry does not reset the clock) */
    if (empty($commentdata['start_time_content_filter'])) {
        $wpss_start_time_content_filter = microtime(TRUE);
        $commentdata['start_time_content_filter'] = $wpss_start_time_content_filter;
    }
    $content_filter_status = $wpss_error_code = '';
    /* Must go before tests */
    rs_wpss_update_session_data($spamshield_options);
    /* TEST 0 - See if user has already been blacklisted this session (logged-in users are exempt from this one test only) */
    if (!is_user_logged_in() && rs_wpss_ubl_cache()) {
        if (empty($content_filter_status)) {
            $content_filter_status = '3';
        }
        /* 1.8 - Changed from '2' to '3' */
        $wpss_error_code .= ' 0-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Raw POST field, trimmed only; it is decoded and escaped further down in TEST REFERRERS 2 before being inspected */
    $post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
    $post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
    /* CONTENT FILTERING - BEGIN */
    /*
     * Derived views of the submission. Naming scheme: *_lc = lower-cased,
     * *_deslashed = stripslashes() applied, *_regex = passed through
     * rs_wpss_preg_quote() because the value is later interpolated into a
     * pattern, *_words = word count, *_space = padded with one space each side.
     * Several of these are prepared but never read in this function
     * (e.g. the *_words, *_space and post title/URL regex variants).
     */
    $commentdata_comment_post_id = $commentdata['comment_post_ID'];
    $commentdata_comment_post_title = $commentdata['comment_post_title'];
    $commentdata_comment_post_title_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_title);
    $commentdata_comment_post_title_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_title_lc);
    $commentdata_comment_post_url = $commentdata['comment_post_url'];
    $commentdata_comment_post_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_post_url);
    $commentdata_comment_post_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_post_url_lc);
    $commentdata_comment_post_type = $commentdata['comment_post_type'];
    /* Possible results: 'post', 'page', 'attachment', 'revision', 'nav_menu_item' */
    /* Next two are boolean */
    $commentdata_comment_post_comments_open = $commentdata['comment_post_comments_open'];
    $commentdata_comment_post_pings_open = $commentdata['comment_post_pings_open'];
    $commentdata_comment_author = $commentdata['comment_author'];
    $commentdata_comment_author_deslashed = stripslashes($commentdata_comment_author);
    $commentdata_comment_author_lc = rs_wpss_casetrans('lower', $commentdata_comment_author);
    $commentdata_comment_author_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_words = rs_wpss_count_words($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_space = ' ' . $commentdata_comment_author_lc . ' ';
    $commentdata_comment_author_lc_deslashed = stripslashes($commentdata_comment_author_lc);
    $commentdata_comment_author_lc_deslashed_regex = rs_wpss_preg_quote($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_words = rs_wpss_count_words($commentdata_comment_author_lc_deslashed);
    $commentdata_comment_author_lc_deslashed_space = ' ' . $commentdata_comment_author_lc_deslashed . ' ';
    $commentdata_comment_author_email = $commentdata['comment_author_email'];
    $commentdata_comment_author_email_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_email);
    $commentdata_comment_author_email_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_email_lc);
    $commentdata_comment_author_url = $commentdata['comment_author_url'];
    $commentdata_comment_author_url_lc = rs_wpss_casetrans('lower', $commentdata_comment_author_url);
    $commentdata_comment_author_url_lc_regex = rs_wpss_preg_quote($commentdata_comment_author_url_lc);
    $commentdata_comment_author_url_domain_lc = rs_wpss_get_domain($commentdata_comment_author_url_lc);
    $commentdata_comment_content = $commentdata['comment_content'];
    $commentdata_comment_content_lc = rs_wpss_casetrans('lower', $commentdata_comment_content);
    $commentdata_comment_content_lc_deslashed = stripslashes($commentdata_comment_content_lc);
    $commentdata_comment_content_extracted_urls = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url');
    /* Parse comment content for all URLs */
    $commentdata_comment_content_extracted_urls_at = rs_wpss_parse_links($commentdata_comment_content_lc_deslashed, 'url_at');
    /* Parse comment content for Anchor Text Link URLs */
    $commentdata_comment_content_num_links = count($commentdata_comment_content_extracted_urls);
    /* Count extracted URLS from body content - Added 1.8.4 */
    $commentdata_comment_content_num_limit = 3;
    /* Max number of links in comment body content */
    /*
     * NOTE(review): the fifth element of this array reads as ''' in this copy of
     * the file, which is not a valid PHP string literal - it looks like a
     * mis-encoded apostrophe variant; check the original source encoding.
     * The normalised result ($commentdata_comment_content_lc_norm_apost) is
     * not read anywhere below.
     */
    $replace_apostrophes = array('’', '`', '´', '`', ''', '`', 'e', '‘', '’', 'ž', '´', 'Ï', 'Ð', '‘', '’');
    $commentdata_comment_content_lc_norm_apost = str_replace($replace_apostrophes, "'", $commentdata_comment_content_lc_deslashed);
    $commentdata_comment_type = $commentdata['comment_type'];
    /*
    if( $commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback' ) {
    	$commentdata_comment_type = 'comment';
    }
    */
    /* Request headers - all client-supplied and therefore spoofable; they are used for bot heuristics only */
    $commentdata_user_agent = rs_wpss_get_user_agent(TRUE, FALSE);
    $commentdata_user_agent_lc = rs_wpss_casetrans('lower', $commentdata_user_agent);
    $user_http_accept = rs_wpss_get_http_accept(TRUE, TRUE);
    $user_http_accept_language = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
    $commentdata_remote_addr = rs_wpss_get_ip_addr();
    $commentdata_remote_addr_regex = rs_wpss_preg_quote($commentdata_remote_addr);
    $commentdata_remote_addr_lc = rs_wpss_casetrans('lower', $commentdata_remote_addr);
    $commentdata_remote_addr_lc_regex = rs_wpss_preg_quote($commentdata_remote_addr_lc);
    $commentdata_referrer = rs_wpss_get_referrer();
    $commentdata_referrer_lc = rs_wpss_casetrans('lower', $commentdata_referrer);
    /* PHP_SELF can carry client-supplied path info; it is only compared against a constant below, never output */
    $commentdata_php_self = $_SERVER['PHP_SELF'];
    $commentdata_php_self_lc = rs_wpss_casetrans('lower', $commentdata_php_self);
    $blog_server_ip = WPSS_SERVER_ADDR;
    $blog_server_name = WPSS_SERVER_NAME;
    /* IP / PROXY INFO - BEGIN */
    global $wpss_ip_proxy_info;
    if (empty($wpss_ip_proxy_info)) {
        $wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
    }
    /*
     * Pulls the helper's keys into locals; at least $ip, $reverse_dns_lc,
     * $ip_proxy and $ip_proxy_chrome_compression are relied on further down.
     * NOTE(review): extract() silently overwrites any existing local whose name
     * matches a key. The array comes from rs_wpss_ip_proxy_info() rather than
     * straight from the request, but explicit assignments of the four keys used
     * would make the dependency visible and remove the shadowing risk.
     */
    extract($wpss_ip_proxy_info);
    /* IP / PROXY INFO - END */
    /***
     * Post Type Filter - INVALTY
     * Removed V 1.1.7 - Found Exception
     ***/
    /* Simple Filters */
    /* BEING DEPRECATED... */
    $blacklist_word_combo_total_limit = 10;
    /* you may increase to 30+ if blog's topic is adult in nature - DEPRECATED */
    $blacklist_word_combo_total = 0;
    /* Body Content - Check for excessive number of links in message ( body_content ) - 1.8.4 */
    /* More than $commentdata_comment_content_num_limit (3) URLs in the body is rejected outright */
    if ($commentdata_comment_content_num_links > $commentdata_comment_content_num_limit) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 1-HT';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /***
     * Authors Only - Non-Trackback
     * Removed Filters 300-423 and replaced with Regex
     ***/
    /* Author Blacklist Check - Invalid Author Names - Stopping Human Spam (skipped for trackbacks/pingbacks) */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' && rs_wpss_anchortxt_blacklist_chk($commentdata_comment_author_lc_deslashed, '', 'author', $commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500A-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - BEGIN */
    /* 10500-13000 - Complex Test for terms in Comment Author/URL - $commentdata_comment_author_lc_deslashed/$commentdata_comment_author_url_domain_lc */
    /* Blacklisted Domains Check */
    if (rs_wpss_domain_blacklist_chk($commentdata_comment_author_url_domain_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510AU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Testing for a unique identifying string from the comment content in the Author URL Domain */
    /* The "id string" is the final whitespace-delimited run of 6+ alphanumerics at the very end of the body */
    preg_match("~\\s+([a-z0-9]{6,})\$~i", $commentdata_comment_content_lc_deslashed, $wpss_str_matches);
    if (!empty($wpss_str_matches[1])) {
        $wpss_spammer_id_string = $wpss_str_matches[1];
    } else {
        $wpss_spammer_id_string = '';
    }
    /* Domain labels; the "- 1" excludes the last label (the TLD) from the comparison */
    $commentdata_comment_author_url_domain_lc_elements = explode('.', $commentdata_comment_author_url_domain_lc);
    $commentdata_comment_author_url_domain_lc_elements_count = count($commentdata_comment_author_url_domain_lc_elements) - 1;
    if (!empty($wpss_spammer_id_string)) {
        $i = 0;
        /* The following line to prevent exploitation: (hard cap on labels inspected, since the domain string is attacker-controlled) */
        $i_max = 20;
        while ($i < $commentdata_comment_author_url_domain_lc_elements_count && $i < $i_max) {
            if (!empty($commentdata_comment_author_url_domain_lc_elements[$i])) {
                if ($commentdata_comment_author_url_domain_lc_elements[$i] === $wpss_spammer_id_string) {
                    if (empty($content_filter_status)) {
                        $content_filter_status = '1';
                    }
                    $wpss_error_code .= ' 10511AUA';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
    }
    /***
     * Potential Exploits
     * Includes protection for Trackbacks and Pingbacks
     ***/
    /* Check Author URL for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_author_url_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000AU-XPL';
        /* Added in 1.4 - Replacing 15001AU-XPL and 15002AU-XPL, and adds additional protection */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Author/Author URL - END */
    /* Leftovers of the deprecated word-combo counter; not read anywhere below */
    $blacklist_word_combo_limit = 7;
    $blacklist_word_combo = 0;
    $i = 0;
    /* Regular Expression Tests - 2nd Gen - Comment Content - BEGIN */
    /* Miscellaneous Patterns that Keep Repeating */
    if (preg_match("~^([0-9]{6})\\s([0-9]{6})(.*)\\s([0-9]{6})\$~i", $commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10401C';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Anchor Text Check - Links in Content - Stopping Human Spam */
    if (rs_wpss_anchortxt_blacklist_chk($commentdata_comment_content_lc_deslashed, '', 'content') && $commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CAT-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Blacklisted Domains Check - Links in Content */
    if (rs_wpss_link_blacklist_chk($commentdata_comment_content_lc_deslashed)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10500CU-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check Anchor Text Links for URL Shorteners, Bogus Long URLs, and Misc Spam Domains */
    if (rs_wpss_at_link_spam_url_chk($commentdata_comment_content_extracted_urls_at)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 10510CU-BL';
        /* Replacing 10510CU-MSC */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Check all URL's in Comment Content for Exploits */
    if (rs_wpss_exploit_url_chk($commentdata_comment_content_extracted_urls)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 15000CU-XPL';
        /* Added in 1.4 */
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* Regular Expression Tests - 2nd Gen - Comment Content - END */
    /***
     * Test Comment Author
     * Words in Comment Author Repeated in Content - With Keyword Density
     ***/
    /* Split the author name on spaces (after dropping . - :) and look for each term repeated heavily in the body */
    $repeated_terms_filters = array('.', '-', ':');
    $repeated_terms_temp_phrase = str_replace($repeated_terms_filters, '', $commentdata_comment_author_lc_deslashed);
    $repeated_terms_test = explode(' ', $repeated_terms_temp_phrase);
    $repeated_terms_test_count = count($repeated_terms_test);
    $comment_content_total_words = rs_wpss_count_words($commentdata_comment_content_lc_deslashed);
    $i = 0;
    while ($i < $repeated_terms_test_count) {
        if (!empty($repeated_terms_test[$i])) {
            $repeated_terms_in_content_count = rs_wpss_substr_count($commentdata_comment_content_lc_deslashed, $repeated_terms_test[$i]);
            $repeated_terms_in_content_str_len = rs_wpss_strlen($repeated_terms_test[$i]);
            /* Substring hits can exceed the word count (term inside longer words); clamp so density stays meaningful */
            if ($repeated_terms_in_content_count > 1 && $comment_content_total_words < $repeated_terms_in_content_count) {
                $repeated_terms_in_content_count = 1;
            }
            /*
             * NOTE(review): if rs_wpss_count_words() can return 0 (empty or
             * punctuation-only body) this is a division by zero - a fatal
             * DivisionByZeroError on PHP 8, a warning plus INF/NAN earlier.
             * Guarding with "if ($comment_content_total_words > 0)" would be safe
             * because a zero-word body cannot meet the >= 5 hits threshold anyway.
             */
            $repeated_terms_in_content_density = $repeated_terms_in_content_count / $comment_content_total_words * 100;
            /* Fires on terms of 4+ chars that appear 5+ times and make up over 40% of the body */
            if ($repeated_terms_in_content_count >= 5 && $repeated_terms_in_content_str_len >= 4 && $repeated_terms_in_content_density > 40) {
                if (empty($content_filter_status)) {
                    $content_filter_status = '1';
                }
                $wpss_error_code .= ' 9000-' . $i;
                return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
            }
        }
        ++$i;
    }
    /* Comment Author and URL Tests */
    if (!empty($commentdata_comment_author_url_lc) && !empty($commentdata_comment_author_lc_deslashed)) {
        /* Comment Author and Comment Author URL appearing in Content - REGEX VERSION */
        /*
         * The author URL and author name are interpolated into the pattern via
         * their rs_wpss_preg_quote()'d forms. NOTE(review): the pattern delimiter
         * is "~"; if rs_wpss_preg_quote() does not escape "~" (plain preg_quote()
         * without a delimiter argument does not), an author URL containing "~"
         * (e.g. a /~user/ path) yields a malformed pattern, preg_match() returns
         * FALSE, and this test is silently skipped. Confirm the helper's behaviour.
         */
        if (preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*{$commentdata_comment_author_url_lc_regex}([a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]*)(['\"])?(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9100-1';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author field equals the (scheme-less) URL field and the body links it with that same anchor text */
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(<\\s*a\\s+([a-z0-9\\-_\\.\\?\\='\"\\:\\(\\)\\{\\}\\s]*)\\s*href|\\[(url|link))\\s*\\=\\s*(['\"])?\\s*(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)\\s*(['\"])?\\s*(>|\\]){$commentdata_comment_author_lc_deslashed_regex}(<|\\[)\\s*\\/\\s*a\\s*(>|(url|link)\\])~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9101';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author name is literally the URL's domain (optionally prefixed www./ww2./m.) */
        if (preg_match("~^((ww[w0-9]|m)\\.)?{$commentdata_comment_author_lc_deslashed_regex}\$~i", $commentdata_comment_author_url_domain_lc) && !preg_match("~https?\\:/+~i", $commentdata_comment_author_lc_deslashed)) {
            /* Changed to include Trackbacks and Pingbacks in 1.1.4.4 */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9102';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* Author field equals the (scheme-less) URL field and the body contains any absolute http(s) URL */
        if ($commentdata_comment_author_url_lc === $commentdata_comment_author_lc_deslashed && !preg_match("~https?\\:/+~i", $commentdata_comment_author_url_lc) && preg_match("~(https?\\:/+[a-z0-9\\-_\\/\\.\\?\\&\\=\\~\\@\\%\\+\\#\\:]+)~i", $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' 9103';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Email Filters
     * New Test with Blacklists
     ***/
    if (rs_wpss_email_blacklist_chk($commentdata_comment_author_email_lc)) {
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' 9200E-BL';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 1 - TO THE COMMENT PROCESSOR */
    /* Referrer is client-supplied; this only catches bots that set it to the comment endpoint itself */
    if (strpos(WPSS_COMMENTS_POST_URL, $commentdata_php_self_lc) !== FALSE && $commentdata_referrer_lc === WPSS_COMMENTS_POST_URL) {
        /* Often spammers send the referrer as the URL for the wp-comments-post.php page. */
        if (empty($content_filter_status)) {
            $content_filter_status = '1';
        }
        $wpss_error_code .= ' REF-1-1011';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* TEST REFERRERS 2 - SPAMMERS SEARCHING FOR PAGES TO COMMENT ON */
    if (!empty($post_ref2xjs)) {
        /* Normalise the JS-supplied referrer: URL-decode, re-add slashes, restore ':' and '+', then run it through esc_url_raw() */
        $ref2xJS = addslashes(urldecode($post_ref2xjs));
        $ref2xJS = str_replace('%3A', ':', $ref2xJS);
        $ref2xJS = str_replace(' ', '+', $ref2xJS);
        $ref2xJS = esc_url_raw($ref2xJS);
        $ref2xJS_lc = rs_wpss_casetrans('lower', $ref2xJS);
        /* Google search referrer whose query contains "leave a comment" - a page-hunting signature */
        if (preg_match("~\\.google\\.co(m|\\.[a-z]{2})~i", $ref2xJS) && strpos($ref2xJS_lc, 'leave a comment') !== FALSE) {
            /* make test more robust for other versions of google & search query */
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' REF-2-1021';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* add Keyword Script Here */
    }
    /***
     * TEST REFERRERS 3 - TO THE PAGE BEING COMMENTED ON
     * DISABLED IN V1.5.9
     ***/
    /* Spam Network - BEGIN */
    /***
     * PART OF BAD ROBOTS TEST - BEGIN
     * Test User-Agents
     * (The UA header is trivially spoofable; these are cheap bot heuristics, not authentication.)
     ***/
    if (empty($commentdata_user_agent_lc)) {
        /* There is no reason for a blank UA String, unless it's been altered or a bot. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1001';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    $commentdata_user_agent_lc_word_count = rs_wpss_count_words($commentdata_user_agent_lc);
    if (!empty($commentdata_user_agent_lc) && $commentdata_user_agent_lc_word_count < 3) {
        /* Precedence: (not trackback AND not pingback) OR (trackback whose UA lacks 'movabletype'); short-UA pingbacks pass */
        if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback' || strpos($commentdata_user_agent_lc, 'movabletype') === FALSE && $commentdata_comment_type === 'trackback') {
            /* Another test for altered UA's. */
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' UA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    if (rs_wpss_skiddie_ua_check($commentdata_user_agent_lc)) {
        /* There is no reason for a human to use one of these UA strings. Commonly used to attack/spam WP. */
        $content_filter_status = '3';
        /* Was 1, changed to 3 - V1.8.4 */
        $wpss_error_code .= ' UA1004';
        return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
    }
    /* PART OF BAD ROBOTS TEST - END */
    /* Header and proxy checks apply to human comments only; trackbacks/pingbacks come from servers, not browsers */
    if ($commentdata_comment_type !== 'trackback' && $commentdata_comment_type !== 'pingback') {
        /***
         * PART OF BAD ROBOTS TEST - BEGIN
         * Test HTTP_ACCEPT
         ***/
        if (empty($user_http_accept)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* HA1002 removed in 1.9.0.3 */
        if ($user_http_accept === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HA1003';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT' */
        /* Split on commas, whitespace and ';' so that a bare '*' element anywhere in the list is caught */
        $user_http_accept_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept);
        $user_http_accept_elements = explode(',', $user_http_accept_mod_1);
        $user_http_accept_elements_count = count($user_http_accept_elements);
        $i = 0;
        /* The following line to prevent exploitation: (bounds the loop over an attacker-sized header) */
        $i_max = 20;
        while ($i < $user_http_accept_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_elements[$i])) {
                if ($user_http_accept_elements[$i] === '*') {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HA1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /* Test HTTP_ACCEPT_LANGUAGE */
        if (empty($user_http_accept_language)) {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        if ($user_http_accept_language === '*') {
            $content_filter_status = '3';
            /* Was 1, changed to 3 - V1.8.4 */
            $wpss_error_code .= ' HAL1002';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
        /* More complex test for invalid 'HTTP_ACCEPT_LANGUAGE' */
        $user_http_accept_language_mod_1 = preg_replace("~([\\s\\;]+)~", ",", $user_http_accept_language);
        $user_http_accept_language_elements = explode(',', $user_http_accept_language_mod_1);
        $user_http_accept_language_elements_count = count($user_http_accept_language_elements);
        $i = 0;
        /* The following line to prevent exploitation: (same loop bound as above) */
        $i_max = 20;
        while ($i < $user_http_accept_language_elements_count && $i < $i_max) {
            if (!empty($user_http_accept_language_elements[$i])) {
                /* A bare '*' language element is rejected unless the UA starts with 'links (' - presumably the Links text browser; confirm */
                if ($user_http_accept_language_elements[$i] === '*' && strpos($commentdata_user_agent_lc, 'links (') !== 0) {
                    $content_filter_status = '3';
                    /* Was 1, changed to 3 - V1.8.4 */
                    $wpss_error_code .= ' HAL1004';
                    return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
                }
            }
            ++$i;
        }
        /***
         * HAL1005 - NOT IMPLEMENTED
         * PART OF BAD ROBOTS TEST - END
         ***/
        /***
         * Test PROXY STATUS if option
         * Google Chrome Compression Proxy Bypass
         * ($ip_proxy and $ip_proxy_chrome_compression come from the extract() above.)
         ***/
        if ($ip_proxy === 'PROXY DETECTED' && $ip_proxy_chrome_compression !== 'TRUE' && empty($spamshield_options['allow_proxy_users'])) {
            $content_filter_status = '10';
            $wpss_error_code .= ' PROXY1001';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /***
     * Test IPs - was here
     * IP1003 - Removed in 1.8
     ***/
    /* Reverse DNS Server Tests - BEGIN */
    if ($commentdata_comment_type !== 'pingback' && $commentdata_comment_type !== 'trackback') {
        /* Test Reverse DNS Hosts - Do all with Reverse DNS not Remote Host ($ip / $reverse_dns_lc come from the extract() above) */
        $rev_dns_filter_data = rs_wpss_revdns_filter('comment', $content_filter_status, $ip, $reverse_dns_lc, $commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc);
        $revdns_blacklisted = $rev_dns_filter_data['blacklisted'];
        if (!empty($revdns_blacklisted)) {
            /* The helper decides both the status value and the error code for this hit */
            $content_filter_status = $rev_dns_filter_data['status'];
            $wpss_error_code .= $rev_dns_filter_data['error_code'];
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* Reverse DNS Server Tests - END */
    /* Spam Network - END */
    /* Test Pingbacks and Trackbacks - OLD LOCATION */
    /* Miscellaneous Preg Match Tests - Changed to regex in V1.8.4 */
    /* Keys are the error codes reported when the matching pattern fires against the body */
    $wpss_misc_spam_phrases_to_check = array('5000' => "~\\[\\.+\\]\\s+\\[\\.+\\]~", '5001' => "~^<new\\s+comment>\$~i", '5003' => "~^([a-z0-9\\s\\.,!]{0,12})?((he.a?|h([ily]{1,2}))(\\s+there)?|howdy|hello|bonjour|good\\s+day)([\\.,!])?\\s+(([ily]{1,2})\\s+know\\s+)?th([ily]{1,2})s\\s+([ily]{1,2})s\\s+([a-z\\s]{3,12}|somewhat|k([ily]{1,2})nd\\s*of)?(of{1,2}\\s+)?of{1,2}\\s+top([ily]{1,2})c\\s+(but|however)\\s+([ily]{1,2})\\s+(was\\s+wonder([ily]{1,2})nn?g?|need\\s+some\\s+adv([ily]{1,2})ce)~i", '5004' => "~^th([ily]{1,2})s\\s+([ily]{1,2})s\\s+k([ily]{1,2})nd\\s+of\\s+off\\s+top([ily]{1,2})c\\s+but~i");
    /* 5002 - Removed in V1.8.4 */
    foreach ($wpss_misc_spam_phrases_to_check as $ec => $rgx_phrase) {
        if (preg_match($rgx_phrase, $commentdata_comment_content_lc_deslashed)) {
            if (empty($content_filter_status)) {
                $content_filter_status = '1';
            }
            $wpss_error_code .= ' ' . $ec;
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* BOILERPLATE: Add common boilerplate/template spam phrases... Add Blacklist functions */
    /* WP Blacklist Check - BEGIN */
    /* Test WP Blacklist if option set (status is necessarily still empty here: every earlier hit returned) */
    if (!empty($spamshield_options['enhanced_comment_blacklist']) && empty($content_filter_status)) {
        if (rs_wpss_blacklist_check($commentdata_comment_author_lc_deslashed, $commentdata_comment_author_email_lc, $commentdata_comment_author_url_lc, $commentdata_comment_content_lc_deslashed, $ip, $commentdata_user_agent_lc, '')) {
            if (empty($content_filter_status)) {
                $content_filter_status = '100';
            }
            $wpss_error_code .= ' WP-BLACKLIST';
            return rs_wpss_exit_content_filter($commentdata, $spamshield_options, $wpss_error_code, $content_filter_status);
        }
    }
    /* WP Blacklist Check - END */
    /* Timer End - Content Filter */
    $wpss_end_time_content_filter = microtime(TRUE);
    $wpss_total_time_content_filter = rs_wpss_timer($commentdata['start_time_content_filter'], $wpss_end_time_content_filter, FALSE, 6, TRUE);
    $commentdata['total_time_content_filter'] = $wpss_total_time_content_filter;
    /* Reaching here means no test fired, so $wpss_error_code is still '' and becomes 'No Error' */
    if (empty($wpss_error_code)) {
        $wpss_error_code = 'No Error';
    } else {
        $wpss_error_code = trim($wpss_error_code);
    }
    /***
     * $spamshield_error_data = array( $wpss_error_code, $blacklist_word_combo, $blacklist_word_combo_total );
     */
    $commentdata['wpss_error_code'] = trim($wpss_error_code);
    $commentdata['content_filter_status'] = $content_filter_status;
    return $commentdata;
    /* CONTENT FILTERING - END */
}
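 /**
  * SECURITY - Checks all incoming POST requests early for malicious behavior.
  * Added 1.9.7.8
  *
  * Requests that are not POST, that originate locally, or that belong to a
  * logged-in user are let through untouched, as is everything when the
  * 'disable_misc_form_shield' option is set. For the rest, three cheap checks
  * run (malformed AJAX request, script-kiddie User-Agent, session blacklist);
  * each failure appends an 'EPC-' prefixed error code and a user-facing
  * message. The accept/reject status is always recorded; on any error the raw
  * request is optionally logged and the request is terminated via
  * WP_SpamShield::wp_die().
  *
  * NOTE(review): the is_user_logged_in() early return means any authenticated
  * account, regardless of role, bypasses every check here - confirm that is
  * intended.
  *
  * Changes from the previous revision: dropped locals that were computed but
  * never read ($url, $url_lc, $req_uri, $req_uri_lc, $epc_filter_status,
  * $log_pref, $epc_jsck_error, $epc_badrobot_error, $server_name,
  * $server_email_domain) and stopped reusing $c for both the cookie array and
  * the error-loop key. Behaviour is otherwise unchanged.
  *
  * @return void
  */
 public static function early_post_intercept()
 {
     if ('POST' !== $_SERVER['REQUEST_METHOD'] || rs_wpss_is_local_request() || is_user_logged_in()) {
         return;
     }
     global $spamshield_options;
     if (empty($spamshield_options)) {
         $spamshield_options = get_option('spamshield_options');
     }
     if (!empty($spamshield_options['disable_misc_form_shield'])) {
         return;
     }
     $wpss_error_code = '';
     $form_type = 'misc form';
     $pref = 'EPC-';
     /* error-code => user-facing message, emitted only when the request is rejected */
     $errors_3p = array();
     $error_txt = rs_wpss_error_txt();
     /*
      * Serialized copy of the whole POST body, handed to the logger below when
      * a check fails and 'comment_logging' is on.
      * NOTE(review): this is the complete $_POST - on login or registration
      * forms it includes the submitted password. Consider redacting known
      * credential fields before it reaches rs_wpss_log_data(). Also,
      * json_encode() returns FALSE on invalid UTF-8 input, so the logger may
      * receive FALSE rather than a string.
      */
     $epc_serial_post = json_encode($_POST);
     /* No comment author fields exist on a misc form; the status/log helpers still expect the keys */
     $form_auth_dat = array('comment_author' => '', 'comment_author_email' => '', 'comment_author_url' => '');
     $blocked = FALSE;
     /*
      * Honeypot marker cookie, one year, set only for XML-RPC requests.
      * Presumably 'secure' and 'httponly' are off because the value carries no
      * secret - verify before relying on it for anything else.
      */
     $cookie = array('name' => '', 'value' => '1', 'expire' => time() + 60 * 60 * 24 * 365 * 1, 'path' => '/', 'domain' => rs_wpss_get_cookie_domain(), 'secure' => FALSE, 'httponly' => FALSE);
     if (rs_wpss_is_xmlrpc()) {
         /*
          * NOTE(review): $blocked is computed here but never consulted, so an
          * XML-RPC POST with an empty body or with query-string parameters is
          * not actually rejected by this method. Confirm whether an error code
          * was intended before enforcing it.
          */
         if (empty($_POST) || !empty($_GET)) {
             $blocked = TRUE;
         }
         rs_wpss_start_session();
         $cookie['name'] = 'P_XMLRPC';
     }
     if (rs_wpss_is_doing_ajax()) {
         /* An AJAX POST with no parameters at all, or without an 'action', is not something WP's own JS sends */
         if (empty($_POST) && empty($_GET) || empty($_REQUEST['action'])) {
             $wpss_error_code .= ' ' . $pref . 'FAR1020';
             $err_cod = 'fake_ajax_request_error';
             $err_msg = __('That action is currently not allowed.');
             $errors_3p[$err_cod] = $err_msg;
         }
     }
     if (rs_wpss_skiddie_ua_check()) {
         /* Known attack-tool User-Agent strings; the header is spoofable, so this is a heuristic only */
         $wpss_error_code .= ' ' . $pref . 'UA1004';
         $err_cod = 'badrobot_skiddie_error';
         $err_msg = __('That action is currently not allowed.');
         $errors_3p[$err_cod] = $err_msg;
     }
     if (rs_wpss_ubl_cache()) {
         /* Already blacklisted this session; XML-RPC offenders are additionally IP-banned when the ban feature is on */
         if (TRUE === WPSS_IP_BAN_ENABLE && rs_wpss_is_xmlrpc()) {
             self::ip_ban();
         }
         $wpss_error_code .= ' ' . $pref . '0-BL';
         $err_cod = 'blacklisted_user_error';
         $err_msg = __('That action is currently not allowed.');
         $errors_3p[$err_cod] = $err_msg;
     }
     if (!empty($cookie['name'])) {
         /* Setting cookie to honeypot bad actors; '@' tolerates headers having already been sent */
         @setcookie($cookie['name'], $cookie['value'], $cookie['expire'], $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
     }
     if (!empty($wpss_error_code)) {
         rs_wpss_update_accept_status($form_auth_dat, 'r', 'Line: ' . __LINE__, $wpss_error_code);
         if (!empty($spamshield_options['comment_logging'])) {
             rs_wpss_log_data($form_auth_dat, $wpss_error_code, $form_type, $epc_serial_post);
         }
     } else {
         rs_wpss_update_accept_status($form_auth_dat, 'a', 'Line: ' . __LINE__);
     }
     /* Now output error message - one line per failed check, then terminate the request */
     if (!empty($wpss_error_code)) {
         $error_msg = '';
         foreach ($errors_3p as $code => $msg) {
             $error_msg .= '<strong>' . $error_txt . ':</strong> ' . $msg . '<br /><br />' . WPSS_EOL;
         }
         WP_SpamShield::wp_die($error_msg, TRUE);
     }
 }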